#!/usr/bin/perl -w

use strict;

use Data::Dumper;
use Getopt::Std;
use CIF::Client;
require JSON;

my %opts;
getopt('dhHL:p:f:q:c:s:r:C:', \%opts);

my $query       = $opts{'q'} || shift;
our $debug       = ($opts{'d'}) ? 1 : 0;
my $c           = $opts{'C'} || $ENV{'HOME'}.'/.cif';
my $fields      = $opts{'f'};
my $severity    = $opts{'s'};
my $restriction = $opts{'r'};
my $plugin      = $opts{'p'} || 'table';
my $max_desc    = $opts{'L'} || 100;
my $nolog       = $opts{'n'} || 0;
my $summary     = $opts{'S'};
my $nomap       = $opts{'N'};
my $confidence  = $opts{'c'} || 40;
my $plugs = join(',',CIF::Client::_plugins);
my $simple_hashes = (defined($opts{'H'})) ? $opts{'H'} : 1;

#die(usage()) unless($query || $opts{'h'});


sub usage {
    return <<EOF;
Usage: perl $0 -q xyz.com

    -h  --help:             this message
    -q  --query:            query string (use 'url\\/<md5|sha1>' for url hash lookups)
    -s  --severity:         severity (low,medium,high), default: high
    -p  --plugin:           output plugin ($plugs), default: $plugin
    -n  --nolog             perform a "silent" query (no log query), default: $nolog
    -f  --fields:           set default output fields for default table display
    -S  --summary:          consolidated Text::Table output (default: 1 -- True)
    -N  --nomap:            don't map restrictions on server (queries only)
    -c  --confidence:       lowest tolerated confidence (0.00 -- 100.00), default $confidence
    -H  --simplehashes:     translate the complex json documents to simplified key value pairs, default: $simple_hashes

Queries:

    \$> perl $0 -q url\\/f8e74165fb840026fd0fce1fd7d62f5d0e57e7ac
    \$> perl $0 -q hut2.ru
    \$> perl $0 -q hut2.ru,url\\/f8e74165fb840026fd0fce1fd7d62f5d0e57e7ac
    \$> perl $0 hut2.ru

Feeds:
    
    \$> perl $0 -q malware
    \$> perl $0 -q malware -s low
    \$> perl $0 -q infrastructure/network -s medium -p snort
    \$> perl $0 -q domain/malware -p bindzone -c 95 -s medium
    \$> perl $0 -q domain -s medium -c 40 -p raw -H 0

    configuration file ~/.cif should be readable and look something like:

    [client]
    host = https://example.com:443/api
    apikey = xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
    timeout = 60

EOF
}
my ($client,$err) = CIF::Client->new({ 
    config      => $c,
    fields      => $fields,
    max_desc    => $max_desc,
    nolog       => $nolog,
    simple_hashes => $simple_hashes,
});

die($err) unless($client);

my $h = {
    address     => 'example.com',
    severity    => 'high',
    confidence  => '40',
    description => 'zeus',
    impact      => 'botnet domain',
};
my $json = JSON::to_json($h);
my $ret = $client->POST('?apikey='.$client->{'apikey'},$json);
warn $client->responseCode();
warn $client->responseContent();


